CVE-2024-35432 Information

Description

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting.

Reference

https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35432.md